Project

General

Profile

Actions

Bug #7725

open

decode/ipv4: missing ip-in-ip case handling

Added by Juliana Fajardini Reichow 2 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

A flow with IPv4 IP in IP traffic won't handle this tunneling case properly.
This leads to potential malicious traffic not triggering alerts, as well as other
inaccuracies in the logs.

Check if this case is also missing in other scenarios.

Waiting to see if the pcap shared can be added to a public SV test.


Subtasks 1 (1 open0 closed)

Bug #7726: decode/ipv4: missing ip-in-ip case handling (7.0.x backport)In ReviewJuliana Fajardini ReichowActions

Related issues 2 (2 open0 closed)

Related to Suricata - Bug #4571: Unable to trigger rule by content in case of IPv4 in IPv4 encapsulationFeedbackVictor JulienActions
Related to Suricata - Task #7734: decode: review if any decoders are missing for IPv4 or IPv6NewOISF DevActions
Actions

Also available in: Atom PDF